sigma-rules

Files

T

Apoorva Joshi c5606e7f3f Update Advanced Analytics config guides (#3302 )

* Updating config guides for Advanced Analytics rules

* More updates

* Update setup instructions for LMD

* Adding more guides

* update TestRuleTiming unit test to ignore advanced analytic rules

* fixed flake error

* Moving config guides under setup instead of note

* Removing leading and trailing whitespace

* Updates as requested by PM

* Updating related integrations, minor updates to setup guides

* fixing unit tests to ignore analytic packages with multiple integration tags

* Update tests/test_all_rules.py

* fixing linting errors

---------

Co-authored-by: Kirti Kirti <kirti.kirti@elastic.co>
Co-authored-by: terrancedejesus <terrance.dejesus@elastic.co>
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

Removed changes from:
- rules/integrations/beaconing/command_and_control_beaconing.toml
- rules/integrations/beaconing/command_and_control_beaconing_high_confidence.toml

(selectively cherry picked from commit 9a9f5437f2)

2023-12-13 15:58:18 +00:00

exfiltration_ml_high_bytes_destination_geo_country_iso_code.toml

Update Advanced Analytics config guides (#3302 )

2023-12-13 15:58:18 +00:00

exfiltration_ml_high_bytes_destination_ip.toml

Update Advanced Analytics config guides (#3302 )

2023-12-13 15:58:18 +00:00

exfiltration_ml_high_bytes_destination_port.toml

Update Advanced Analytics config guides (#3302 )

2023-12-13 15:58:18 +00:00

exfiltration_ml_high_bytes_destination_region_name.toml

Update Advanced Analytics config guides (#3302 )